package com.bgi.uims.pub.web;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts2.ServletActionContext;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller;

import com.bgi.uims.pub.utils.Constant;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
/**
 * 
*    
* @项目名称：
* @类名称：LimitInterceptor
* @类描述：拦截器栈权限控制
* @创建人：fukun
* @创建时间：2013-8-18 上午10:59:27
* @version： 1.0
*
 */
@Controller
@Scope("prototype")
public class LimitInterceptor extends AbstractInterceptor{
	/**
	 * 
	 */
	private static final long serialVersionUID = 1L;
	public static String[] url=new String[]{
		Constant.STSTIC_URL_LOGINUSER
	};//不需要权限控制的action URL
	
	@Override
	public String intercept(ActionInvocation invocation) throws Exception {
		// TODO Auto-generated method stub
		String result=null;
		HttpServletRequest request=ServletActionContext.getRequest();
		HttpServletResponse response=ServletActionContext.getResponse();
		HttpSession session=request.getSession();
		String actionname=request.getServletPath();//   /sysUserLogin/userlogin.action
		if(!actionname.equals(Constant.STSTIC_URL_INDEX))
		{
			actionname=actionname.substring(0,actionname.length()-7);//去掉.action
		}
		boolean bool=true;
		String flag=null;
		if(url!=null)
		{
			for(int i=0;i<url.length;i++)
			{
				if(url[i].equals(actionname))
				{
					bool=false;
					break;
				}
			}
		}
		if(bool)
		{
			//判断是否登录
			if(session.getAttribute(Constant.LOGINUSER)!=null)
			{
				/*
				//已经登录
				Set<String> actionNames = (Set<String>) session.getAttribute(Constant.LOGINUSER_RESOURCE);//查找允许的权限
				//所有以find开头的action不需要进行验证
				//默认打开菜单即可以查询，以及权限验证通过
				if(actionname.substring(actionname.lastIndexOf('/')+1, actionname.length()).startsWith(Constant.FIND)
						||(actionNames!=null&&actionNames.contains(actionname)))
//				if(actionNames!=null&&actionNames.contains(actionname))
				{
					//允许访问
					result=invocation.invoke();
				}
				else
				{
					//权限不足
					//注销session
//					session.removeAttribute(Constant.LOGINUSER_RESOURCE);
//					session.removeAttribute(Constant.LOGINUSER);
					//如果是EXTJS请求
					if(request.getHeader("X-Requested-With") != null 
							&& request.getHeader("X-Requested-With").equalsIgnoreCase("XMLHttpRequest"))
					{
						response.setCharacterEncoding("text/html;charset=utf-8");
						response.setContentType("text/html;charset=utf-8");
						flag = "9999";
						response.getWriter().write(flag);
			            return null;
					}
					else
					{
						//非EXTJS请求
						response.setContentType("text/html;charset=utf-8");
						response.getWriter().write("<script language = \"javascript\">");
						response.getWriter().write("window.parent.location='" + request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+request.getContextPath()+"/"+ "';");
						response.getWriter().write("alert('非法操作!!')");
						response.getWriter().write("</script>");
						return null;
					}
				}
				*/
				result=invocation.invoke();
			}
			else
			{
				//session已注销或还未登录
//				//如果是EXTJS请求
				if(request.getHeader("X-Requested-With") != null 
						&& request.getHeader("X-Requested-With").equalsIgnoreCase("XMLHttpRequest"))
				{
					response.setCharacterEncoding("text/html;charset=utf-8");
					response.setContentType("text/html;charset=utf-8");
					flag = "9998";
					response.getWriter().write(flag);
		            return null;
				}
				else
				{
					//非EXTJS请求
					response.setContentType("text/html;charset=utf-8");
					response.getWriter().write("<script language = \"javascript\">");
					response.getWriter().write("window.parent.location='" + request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+request.getContextPath()+"/"+ "';");
					response.getWriter().write("alert('session已注销或还未登录,请先登录!!')");
					response.getWriter().write("</script>");
					return null;
				}
			}
		}
		else
		{
			result=invocation.invoke();
			/*
			//不需要权限验证，如果是登录则需要验证码校验
			if(Constant.STSTIC_URL_LOGINUSER.equals(actionname))
			{
				//验证码校验
				//首先进行验证码判断
				String yzm=request.getParameter(Constant.LOGIN_INPUTVCODE);//用户输入的验证码
				String yzmcode=(String) request.getSession().getAttribute(Constant.LOGIN_VCODE);//系统生成的验证码
				//采用.toLowerCase()方法将验证码均转换为小写，即验证码不区分大小写比较
				if(yzmcode!=null&&yzm!=null&&yzmcode.toLowerCase().equals(yzm.toLowerCase()))
				{
					//验证通过,允许登陆
					result=invocation.invoke();
				}
				else
				{
					request.setAttribute(Constant.LOGIN_ERRORINFO, Constant.LOGIN_VCODEERROR);
					result=Action.INPUT;
				}
			}
			else
			{
				result=invocation.invoke();
			}
			*/
		}
		return result;
	}
}
